ClawHub

Bona Movie Production

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run client for Bona image and video generation, with expected remote API use and no evidence of hidden or destructive behavior.

Install only if you intend to use Bona's remote generation service. Use a scoped API key, keep the default service endpoints unless you trust the replacement, and avoid submitting confidential prompts or private media URLs unless you are allowed to share them with that service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user prompts and user-supplied image/video/audio URLs to third-party generation endpoints, but the documentation does not warn users that their content leaves the local system. This creates a privacy and data-governance risk, especially if users provide proprietary media, personal data, or confidential prompts under the assumption of local processing.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The client silently sends an API credential to a remote login endpoint to exchange it for an access token, without any explicit user-facing disclosure or consent checkpoint. In a skill/agent context, that can cause users or operators to expose sensitive credentials to a third-party service unexpectedly, especially because the endpoint is configurable via CLI arguments.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill transmits prompts, thread IDs, and user-supplied image/video/audio reference URLs to remote APIs, but the code provides no explicit disclosure or consent mechanism. In an agent setting this is meaningful because prompts and media references may contain proprietary, personal, or otherwise sensitive content, and the destination base URL is user-configurable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal